Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/7IrQ5-ss9hbUHfWi5N6cFrfG1AA.roa
File:                     7IrQ5-ss9hbUHfWi5N6cFrfG1AA.roa (raw, json)
Hash identifier:          mA2kSBBb3/Mkroe01HJTuOgHG6IN2aWq2/W519CQKAQ=
Subject key identifier:   EC:8A:D0:E7:EB:2C:F6:16:D4:1D:F5:A2:E4:DE:9C:16:B7:C6:D4:00
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       019C2F1F6879088ACE7321DA82F298CCEA70
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/7IrQ5-ss9hbUHfWi5N6cFrfG1AA.roa
Signing time:             Thu 05 Feb 2026 18:45:13 +0000
ROA not before:           Thu 05 Feb 2026 18:45:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     46844
IP address blocks:        109.196.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:2f:1f:68:79:08:8a:ce:73:21:da:82:f2:98:cc:ea:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Feb  5 18:45:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ec8ad0e7eb2cf616d41df5a2e4de9c16b7c6d400
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:9b:4e:0f:85:90:56:ac:54:de:3f:cd:16:fb:
                    fd:f0:8a:9f:f7:3b:ac:c4:03:38:ae:4d:ab:90:79:
                    56:ae:7b:7e:1b:3c:0d:58:ee:64:84:92:69:89:91:
                    18:60:11:18:86:74:78:ac:c6:c0:48:a4:52:d6:fa:
                    ea:95:2e:e0:aa:2c:15:79:82:57:5b:cb:e4:d7:c5:
                    2b:2d:cb:95:7d:de:b3:6c:4c:9c:9b:0f:51:5d:d7:
                    d2:f2:e9:3a:29:d0:61:32:a8:13:b5:16:f2:e8:c5:
                    cc:2c:6c:3b:e9:3b:e3:b4:53:e8:f4:d5:99:82:38:
                    c6:1e:ab:61:f2:66:3c:96:15:4e:74:cd:a7:0c:27:
                    e9:c4:14:0b:70:90:20:e6:2c:34:15:17:59:a2:ad:
                    a8:ac:82:f4:c8:9b:74:2f:28:4e:5c:b3:39:ab:e7:
                    86:2f:d9:e1:06:be:d5:5d:6b:69:a6:fc:af:82:b5:
                    f9:36:ed:56:2c:da:46:e9:47:13:fd:a2:2d:ab:fe:
                    cf:2a:30:a3:fe:2b:8c:cd:fb:85:c7:ce:68:59:09:
                    14:4a:f6:c9:c4:fb:b1:97:f3:30:95:58:4c:d4:8d:
                    48:b9:fc:fd:47:95:b1:4a:07:84:6f:32:1d:2d:b7:
                    2e:7d:54:8b:35:e8:62:b0:55:7e:31:0a:fb:8f:8b:
                    75:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:8A:D0:E7:EB:2C:F6:16:D4:1D:F5:A2:E4:DE:9C:16:B7:C6:D4:00
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/7IrQ5-ss9hbUHfWi5N6cFrfG1AA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.196.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:31:f2:d9:d7:84:7c:7a:41:90:56:a2:c1:44:52:72:fa:9a:
         7d:40:3c:a2:8f:9b:9b:de:ab:5c:bb:81:75:1b:34:06:8a:d2:
         a5:f9:6e:52:09:62:9e:9d:0a:7d:87:55:31:0c:34:e3:99:10:
         97:ff:9d:9a:08:72:1a:28:41:14:cd:07:97:b0:10:16:93:16:
         d7:39:f0:e4:26:14:d7:b6:87:c3:e9:ce:8f:41:c7:29:fb:80:
         3c:5b:c1:af:4a:c3:2d:34:ce:6c:ab:80:f1:88:5f:c8:a0:7f:
         7d:d9:9a:53:81:e4:19:4c:9f:b1:19:c2:e3:4c:2b:c2:9e:67:
         c7:d1:7d:a9:fb:35:a4:7b:df:cc:a8:e7:4a:ec:94:18:90:dd:
         cd:e1:bd:84:59:ad:91:32:8e:ea:e8:b2:cf:2e:f3:4f:5a:3d:
         0a:e9:56:92:1a:f9:77:24:46:02:ca:f5:18:59:43:cc:9b:e6:
         02:3d:a6:1c:e1:ba:5f:9d:b1:f7:58:06:ba:8e:7f:41:03:3b:
         a1:bd:d3:f9:15:2c:04:e3:b8:08:89:e4:69:e0:4d:67:66:65:
         a6:d1:d5:11:99:4b:e5:40:ef:60:79:67:d5:e5:62:73:aa:c5:
         85:1b:fd:49:63:ba:3f:95:d9:20:af:3b:bc:4c:50:f7:37:c6:
         ef:b9:be:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwvH2h5CIrOcyHagvKYzOpwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjYwMjA1MTg0NTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzhhZDBlN2ViMmNmNjE2ZDQxZGY1YTJlNGRlOWMxNmI3YzZkNDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5tOD4WQVqxU3j/NFvv98Iqf9zus
xAM4rk2rkHlWrnt+GzwNWO5khJJpiZEYYBEYhnR4rMbASKRS1vrqlS7gqiwVeYJX
W8vk18UrLcuVfd6zbEycmw9RXdfS8uk6KdBhMqgTtRby6MXMLGw76TvjtFPo9NWZ
gjjGHqth8mY8lhVOdM2nDCfpxBQLcJAg5iw0FRdZoq2orIL0yJt0LyhOXLM5q+eG
L9nhBr7VXWtppvyvgrX5Nu1WLNpG6UcT/aItq/7PKjCj/iuMzfuFx85oWQkUSvbJ
xPuxl/MwlVhM1I1Iufz9R5WxSgeEbzIdLbcufVSLNehisFV+MQr7j4t1/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOyK0OfrLPYW1B31ouTenBa3xtQAMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvN0lyUTUtc3M5aGJVSGZXaTVONmNGcmZHMUFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbcRhMA0G
CSqGSIb3DQEBCwUAA4IBAQCPMfLZ14R8ekGQVqLBRFJy+pp9QDyij5ub3qtcu4F1
GzQGitKl+W5SCWKenQp9h1UxDDTjmRCX/52aCHIaKEEUzQeXsBAWkxbXOfDkJhTX
tofD6c6PQccp+4A8W8GvSsMtNM5sq4DxiF/IoH992ZpTgeQZTJ+xGcLjTCvCnmfH
0X2p+zWke9/MqOdK7JQYkN3N4b2EWa2RMo7q6LLPLvNPWj0K6VaSGvl3JEYCyvUY
WUPMm+YCPaYc4bpfnbH3WAa6jn9BAzuhvdP5FSwE47gIieRp4E1nZmWm0dURmUvl
QO9geWfV5WJzqsWFG/1JY7o/ldkgrzu8TFD3N8bvub5/
-----END CERTIFICATE-----